A shitpost about languages that generate CVEs

  • lad@programming.dev
    3 months ago

    Also, I like how this problem had a really simple solution all along

    There really isn’t anything we can do to prevent memory safety vulnerabilities from happening if the programmer doesn’t want to write their code in a robust manner.

    Yeah, totally, it’s all those faulty programmers’ fault. They should’ve written good programmes instead of the bad ones, but they just refuse to listen

    • onlinepersona@programming.devOP
      3 months ago

      Right, those devs with 20+ years C experience don’t know shit about the language and are just lazy. They don’t want to catch up with the times and write safe C. It’s me, the dude with 5 years of university experience who will set it straight. Look at my hello world program, not a single line of vulnerable code.

      Anti Commercial-AI license

        • onlinepersona@programming.devOP
          3 months ago

          Yeah, for sure. Human error is involved in C and inertia too. New coding practices and libraries aren’t used, tests aren’t written, code quality sucks (variable names in C are notoriously cryptic), there’s little documentation, many things are rewritten (seems like everybody has rewritten memory allocation at least once), one’s casual void * is another’s absolute no-no, and so on.

          C just makes it really easy to make mistakes.

          Anti Commercial-AI license

    • verstra@programming.dev
      3 months ago

      Well, lemmy is a place for a much more cultured audience. We can appreciate a good shitpost (that does also hold some water).

  • 0x0@programming.dev
    3 months ago

    The “C is bad” trope is getting way too old. I’m surprised the author didn’t plug Rust.

    the only programming language in the world where these vulnerabilities regularly happen

    Maybe because it’s one of the most widely used languages in the world…

    • BatmanAoD@programming.dev
      3 months ago

      The trope will be “old” once the mainstream view is no longer that C-style memory management is “good enough”.

      That said, this particular vulnerability was primarily due to how signals work, which I understand to be kind of unavoidably terrible in any language.

        • BatmanAoD@programming.dev
          3 months ago

          I’m not totally clear on why signals are used here in the first place. Arguably most C code doesn’t “need” to use signals in complex ways, either.